Monitoring Unauthorized Access Point

ABSTRACT

A monitoring system, monitoring server, method, and program that, when an unauthorized access point is installed, effectively block wireless communications performed by the unauthorized access point, a monitoring system including a monitoring server for monitoring an unauthorized access point and multiple terminals connected to the monitoring server via a network is provided. The terminals acquire radio wave information from radio waves transmitted by an access point, and transmit the radio wave information to the monitoring server. The monitoring server detects an unauthorized access point using terminal information including the radio wave information received from the terminals, designates a terminal as a pseudo-access point using intensity of radio waves transmitted by the unauthorized access point, and instructs the terminal to transmit radio waves. The terminal transmits radio waves in accordance with the instruction from the monitoring server.

This Application is a continuation of and claims priority under 35U.S.C. §371 to International Application No. PCT/JP2012/067300 filed onJul. 6, 2012, which claims priority to Japanese Patent Application No.JP2011-215996 filed on Sep. 30, 2011. The contents of bothaforementioned applications are incorporated herein by reference.

TECHNICAL FIELD

The present invention relates to a technology for monitoring an accesspoint and in particular to a monitoring system, monitoring server,method, and program for monitoring an unauthorized access point andblocking wireless communications performed by the unauthorized accesspoint.

BACKGROUND ART

Recently, tethering using a smart phone or use of a mobile router hasallowed easy acquisition of an access point, which is means forinstalling a wireless base station in a corporate facility or the like.Unauthorized connection of such an access point to a corporate networkor the like may cause serious problems such as leakage of confidentialinformation such as personal information. For this reason, there havebeen proposed technologies for blocking wireless communicationsperformed by an unauthorized access point.

Patent Literature 1 discloses a method for detecting an unauthorizedaccess point apparatus which is not connected to a wired LAN andpreventing the unauthorized access point apparatus from accessing awireless LAN terminal. In this method, a physically fixed, existingaccess point apparatus detects an unauthorized access point, generatesblocking data at the timing when the unauthorized access point apparatustransmits a beacon frame, and transmits the blocking data to radiospace.

CITATION LIST Patent Literature

Japanese Patent No. 4229148

SUMMARY OF INVENTION Technical Problem

However, where multiple access point apparatuses are present on onenetwork, these access point apparatuses are generally installed so as tobe physically away from each other. The method disclosed in PatentLiterature 1 allows only an existing access point apparatus that hasdetected an unauthorized access point to transmit data for blockingwireless communications performed by the unauthorized access point. Thisdisadvantageously prevents effective blocking of wireless communicationsperformed by the unauthorized access point.

The present invention has been made to solve the above-mentionedproblem. Accordingly, it is an object of the present invention toprovide a monitoring system, monitoring server, method, and programthat, when an unauthorized access point is installed, effectively blockswireless communications performed by the access point.

Solution to Problem

The present invention provides a monitoring system including amonitoring server for monitoring an unauthorized access point andmultiple terminals connected to the monitoring server via a network. Theterminals acquire radio wave information from radio waves transmitted byan access point and transmits the radio wave information to themonitoring server. The monitoring server detects an unauthorized accesspoint using terminal information including the radio wave informationreceived from the terminals, designates a terminal as a pseudo-accesspoint using intensity of radio waves transmitted by the unauthorizedaccess point, and instructs the terminal to transmit radio waves. Theterminal transmits radio waves in accordance with the instruction fromthe monitoring server.

According to the present invention, a monitoring server, method, andprogram can be provided that detect an unauthorized access point usingterminal information including radio wave information received fromterminals connected to the monitoring server via a network, designates aterminal as a pseudo-access point using intensity of radio wavestransmitted by the unauthorized access point, and instructs the terminalas a pseudo-access point to transmit radio waves.

Advantageous Effects of Invention

Since the present invention employs the above-mentioned configuration, aterminal adjacent to an access point installed in an unauthorized manneris designated as a pseudo-access point. As a result, wirelesscommunications performed by the unauthorized access point can be blockedeffectively.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a drawing showing a monitoring system for monitoring anunauthorized wireless LAN access point according to an embodiment of thepresent invention.

FIG. 2 is a diagram showing respective functional configurations of amonitoring server and a terminal included in the monitoring system shownin FIG. 1.

FIG. 3 is a diagram showing an example of the data tables of databasesheld by the monitoring server and the terminals shown in FIG. 1.

FIG. 4 is a flowchart showing an example of a process performed by theterminals according to the embodiment shown in FIG. 1.

FIG. 5 is a flowchart showing an example of a process performed by themonitoring server according to the embodiment shown in FIG. 1.

FIG. 6 is a flowchart showing an example of the process of step S503shown in FIG. 5.

FIG. 7 is a flowchart showing another example of the process of stepS503 shown in FIG. 5.

FIG. 8 is a flowchart showing yet another example of the process of stepS503 shown in FIG. 5.

DESCRIPTION OF EMBODIMENT

The present invention will be described using an embodiment but notlimited thereto. FIG. 1 is a drawing showing a monitoring system formonitoring an unauthorized wireless LAN (local area network) accesspoint according to an embodiment of the present invention. Referring nowto FIG. 1, a monitoring system 100 will be described.

The monitoring system 100 includes a monitoring server 110, hubs 112 aand 112 b, an access point 114, and terminals 120 a, 120 b, 120 c, and120 d. These apparatuses are connected to a network 130 constructed by aLAN.

The monitoring server 110 is a server apparatus for monitoring anunauthorized wireless LAN access point. The monitoring server 110gathers radio wave information from the terminals 120 a to 120 d via thenetwork 130 and monitors whether an unauthorized wireless LAN accesspoint is installed.

The monitoring server 110 executes a program according to the presentinvention written in a programming language such as assembler, C, C++,Java®, JavaScript®, PERL, PHP, RUBY, and PYTHON under the control of anoperating system (OS) such as Windows® series, including Windows® 7,Windows Vista®, Windows XP®, and Windows200X Server®, Mac OS®, UNIX®,and LINUX®.

The monitoring server 110 includes a RAM for providing execution spacefor executing the program according to the present invention, a harddisk drive (HDD) for continuously holding programs, data, and like, andstorage devices such as flash memory. It implements functional unitsaccording to the present invention (to be discussed later) on itself byexecuting the program according to the present invention. The functionalunits according to the present invention can be implemented by theabove-mentioned apparatus-executable program written in a programminglanguage or the like. The program according to the present invention canbe transmitted in a format readable by different information processingapparatuses via a network.

The terminals 120 a, 120 b, 120 c, and 120 d are information processingapparatuses having a wireless communications function. The terminals 120a, 120 b, 120 c, and 120 d provide radio wave information to themonitoring server 110 via the network 130, as well as transmit varioustypes of radio wave in accordance with an instruction from themonitoring server 110. In the example shown in FIG. 1, the terminals 120a, 120 b, and 120 c are connected to the network 130 via the hubs 112 aand 112 b and communicate with the monitoring server 110 by wire. Whilethe terminals 120 a, 120 b, 120 c, and 120 d shown in FIG. 1 arenotebook PCs, they may be information processing apparatuses, such asvarious types of computers, including desk-top PCs and tablet PCs, andmobile information terminals, including smart phones, cellular phones,and PDFs, in other embodiments.

The terminals 120 a, 120 b, 120 c, and 120 d execute a program accordingto the present invention written in a programming language such asassembler, C, C++, Java®, JavaScript®, PERL, PHP, RUBY, and PYTHON underthe control of an OS, such as Windows® series, including Windows® 7,Windows Vista®, Windows XP®, Windows200X Server®, and Windows Mobile®,Mac OS®, UNIX®, LINUX®, Android®, Google Chrome Os, TRON, and ITRON.

The terminals 120 a, 120 b, 120 c, and 120 d each include a RAM forproviding execution space for executing the program according to thepresent invention, a hard disk drive (HDD) for continuously holdingprograms, data, and like, and storage devices such flash memory. Theyimplement functional units according to the present invention (to bediscussed later) on themselves by executing the program according to thepresent invention. The functions according to the present invention canbe performed by the above-mentioned apparatus-executable program writtenin a programming language or the like. The program according to thepresent invention can be transmitted in a format readable by otherinformation processing apparatuses via the network.

The access point 114 is a router apparatus having a wirelesscommunications function, such as a mobile router, and is connected tothe network 130. In this embodiment, the access point 114 is anauthorized access point, which is authorized to access the monitoringsystem 100. The terminals 120 a, 120 b, 120 c, and 120 d communicatewith each other wirelessly via the access point 114.

The monitoring system 100 shown in FIG. 1 also includes an access point140. The access point 140 is an unauthorized access point, which is notauthorized to access the monitoring system 100, but is connected to thenetwork 130 via the hub 112 b.

FIG. 2 is a diagram showing the respective function configurations ofthe monitoring server 110 and the terminal 120 a included in themonitoring system 100 shown in FIG. 1. Referring now to FIG. 2, thefunction configurations of the monitoring server 110 and the terminal120 a will be described. Note that the function configurations of theterminals 120 b, 120 c, and 120 d are the same as that of the terminal120 a and therefore will not be described.

The monitoring server 110 includes an access point monitoring unit 200,a terminal information database 212, an address range informationdatabase 214, an authorized access point information database 216, and apseudo-access point information database 218.

The access point monitoring unit 200 is function means for monitoring anunauthorized access point. It includes a terminal informationregistration unit 202, an unauthorized access point detection unit 204,a pseudo-access point designation unit 206, a radio wave transmissioninstruction unit 208, and a pseudo-access point information update unit210.

The terminal information registration unit 202 is function means forregistering terminal information, including radio wave informationreceived from the terminals 120 a, 120 b, 120 c, and 120 d in theterminal information database 212. Upon receipt of radio waveinformation from these terminals via the network 130, the terminalinformation registration unit 202 derives terminal information includingthe radio wave information and registers the terminal information in theterminal information database 212. The terminal information database 212will be described in detail with reference to FIG. 3 later.

The unauthorized access point detection unit 204 is function means fordetecting an unauthorized access point. The unauthorized access pointdetection unit 204 uses authorized access point information registeredin the authorized access point information database 216 and terminalinformation registered in the terminal information database 212 todetect whether there is an unauthorized access point. The authorizedaccess point information database 216 will be described in detail withreference to FIG. 3 later.

The pseudo-access point designation unit 206 is function means fordesignating a terminal as a pseudo-access point for blocking wirelesscommunications performed by an unauthorized access point (hereafterreferred to as “pseudo-access point”). The pseudo-access pointdesignation unit 206 refers to the terminal information database 212 todetermine a terminal which is suitable for blocking wirelesscommunications performed by an unauthorized access point and which isadjacent to the unauthorized access point, and designates the terminalas a pseudo-access point.

The pseudo-access point designation unit 206 refers to the terminalinformation database 212 and notifies the administrator of themonitoring system 100 of information (terminal name, MAC address,position information, etc.) for identifying the terminal designated as apseudo-access point, for example, by displaying the information on thedisplay apparatus of the monitoring server 110. Alternatively, thepseudo-access point designation unit 206 may notify the administrator bytransmitting the information to a previously specified email address.

The radio wave transmission instruction unit 208 is function means fortransmitting a radio wave transmission instruction to the terminaldesignated by the pseudo-access point designation unit 206. The radiowave transmission instruction unit 208 transmits the radio wavetransmission instruction to the terminal designated as a pseudo-accesspoint in order to cause the terminal to transmit radio waves.

The pseudo-access point information update unit 210 is function meansfor registering, in the pseudo-access point information database 218,information for identifying the terminal which is designated as apseudo-access point and to which the radio wave transmission instructionunit 208 has transmitted the radio wave transmission instruction as wellas pseudo-access point information including information on the positionof the terminal. The pseudo-access point information database 218 willbe described in detail with reference to FIG. 3 later.

The terminal 120 a includes a software agent 220, a wireless LAN adaptercontrol unit 228, a wireless LAN adapter 230, and a radio waveinformation database 232.

The software agent 220 is a program that is installable to the terminal120 a, and includes a radio wave information acquisition unit 222, aradio wave information transmission unit 224, and a radio wavetransmission unit 226. The software agent 220 may be implemented as aprogram that always starts up when the terminal 120 a starts up, or maybe implemented as a program that starts up in accordance with a startupinstruction from the user.

The radio wave information acquisition unit 222 is function means foracquiring radio wave information detected by the wireless LAN adaptercontrol unit 228. The radio wave information acquisition unit 222periodically acquires radio wave information from the wireless LANadapter 230 via the wireless LAN adapter control unit 228 and registersthe radio wave information in the radio wave information database 232.The radio wave information database 232 will be described in detail withreference to FIG. 3 later.

The radio wave information transmission unit 224 is function means fortransmitting radio wave information to the monitoring server 110. Theradio wave information transmission unit 224 periodically acquires radiowave information from the radio wave information database 232 andtransmits the radio wave information to the monitoring server 110.

The radio wave transmission unit 226 is function means for causing thewireless LAN adapter 230 to transmit radio waves for blocking wirelesscommunications performed by an unauthorized access point. Upon receiptof a radio wave transmission instruction from the monitoring server 110,the radio wave transmission unit 226 refers to radio wave informationregistered in the radio wave information database 232, determines radiowaves suitable for blocking wireless communications performed by anunauthorized access point, and causes the wireless LAN adapter 230 totransmit the radio waves via the wireless LAN adapter control unit 228.The radio wave transmission unit 226 also transmits radio wavesincluding information for identifying the terminals 120 a, 120 b, 120 c,and 120 d and protocol information. The radio wave transmission unit 226periodically refers to the radio wave information database 232 andcauses the wireless LAN adapter 230 to transmit radio waves until radiowave information from the unauthorized access point disappears.

For example, when an unauthorized access point is using IEEE802.11b/g asa wireless LAN communication protocol, the radio wave transmission unit226 can refer to radio wave information registered in the radio waveinformation database 232, identify a channel being used by the accesspoint, and cause the wireless LAN adapter 230 to transmit radio waves inthe same frequency band as that allocated to the channel.

When a channel being used by an unauthorized access point changes withtime, the radio wave transmission unit 226 can refer to radio waveinformation registered in the radio wave information database 232,identify the changed channel being used by the unauthorized accesspoint, and cause the wireless LAN adapter 230 to transmit radio waves atthe same frequency band as that allocated to the changed channel.

Further, the radio wave transmission unit 226 can refer to radio waveinformation registered in the radio wave information database 232,identify a channel being used by an unauthorized access point, and causethe wireless LAN adapter 230 to transmit radio waves in the samefrequency band as that allocated to all channels of IEEE802.11b/g,including the channel.

In another embodiment, the radio wave transmission unit 226 may blockwireless communications performed by an unauthorized access point, bymaking DoS (denial of service) attacks against the unauthorized accesspoint, for example, by continuously transmitting access requests to theunauthorized access point.

Where a packet transmitted by an unauthorized access point is encrypted,the radio wave transmission unit 226 may block wireless communicationsperformed by the access point, by decrypting the packet and transmittinga pseudo-packet to the unauthorized access point. In this case, theradio wave transmission unit 226 may store information on the decryptedpacket in the form of a log, journal, or the like.

The wireless LAN adapter control unit 228 is function means forcontrolling the wireless LAN adapter 230. The wireless LAN adaptercontrol unit 228 controls the wireless LAN adapter 230 in accordancewith an instruction from the higher-order program, the software agent220. The wireless LAN adapter control unit 228 also provides informationon radio waves detected by the wireless LAN adapter 230 in accordancewith an instruction from the software agent 220.

The wireless LAN adapter 230 is an apparatus that includes an antennacapable of transmitting and receiving radio waves and that performswireless LAN communications. The wireless LAN adapter 230 detects radiowaves transmitted by a surrounding access point, A/D converts the radiowaves, and transmits the resulting radio waves to the wireless LANadapter control unit 228. The wireless LAN adapter 230 also transmitsradio waves in a specified frequency band or transmits a specific packetunder the control of the wireless LAN adapter control unit 228.

FIG. 3 is a diagram showing an example of the data tables of databasesheld by the monitoring server 110 and the terminals 120 a, 120 b, 120 c,and 120 d. Referring now to FIG. 3, these data tables will be described.

An IP address range information table 310 is the data table of theaddress range information database 214 held by the monitoring server110. An IP address range 312 and position information 314 are registeredin the IP address range information table 310 in an associated manner.These pieces of information are previously set by the administrator ofthe monitoring system 100.

The IP address range 312 is the range of IP addresses allocated to theterminals 120 a, 120 b, 120 c, and 120 d. In this embodiment, when theuser connects the terminals 120 a, 120 b, 120 c, and 120 d to thenetwork 130, a DHCP (dynamic host configuration protocol) serverincluded in the monitoring system 100 automatically allocates IPaddresses in the IP address range 312 to these terminals.

In another embodiment, when the user connects the terminals 120 a, 120b, 120 c, and 120 d to the network 130, the user may manually specify IPaddresses in the IP address range 312.

The position information 314 is information indicating the positionswhere the terminals 120 a, 120 b, 120 c, and 120 d having the allocatedIP addresses are connected to the network 130. The position information314 can be set to each of IP address ranges shown by the IP addressrange 312.

In an example shown in FIG. 3, “192.168.1.0/24” and “192.168.2.0/24” areregistered as examples of the IP address range, and“Tokyo/bldg.1/16F/east” and “Tokyo/bldg.1/16F/west” are registered withrespect to these IP address ranges in an associated manner. That is, theIP address range information table 310 shows that a terminal to which anIP address in the IP address range “192.168.1.0/24” is allocated ispresent in “Tokyo/bldg.1/16F/east” and that a terminal to which an IPaddress in the IP address range “192.168.2.0/24” is allocated is presentin “Tokyo/bldg.1/16F/west”.

The authorized access point information table 320 is the data table ofthe authorized access point information database 216 held by themonitoring server 110. Terminal name and terminal identificationinformation 322 and pseudo-access point identification information 324are registered in the authorized access point information table 320 inan associated manner. These pieces of information are previously set bythe administrator of the monitoring system 100.

The terminal name and terminal identification information 322 are thename of a terminal that can be designated as a pseudo-access point andinformation for identifying the terminal. A terminal name is any namethat can be set by the administrator. Terminal identificationinformation is information by which a terminal can be uniquelyidentified. In this embodiment, an ID number unique to an Ethernet® cardused by a terminal, and a MAC (media access control) address, is used asterminal identification information.

The pseudo-access point identification information 324 is informationfor identifying a pseudo-access point in the monitoring system 100.Where the terminals 120 a, 120 b, 120 c, and 120 d are designated aspseudo-access points, the pseudo-access point identification information324 is information for identifying the terminals 120 a, 120 b, 120 c,and 120 d serving as pseudo-access points. In this embodiment, an SSID(service set identifier), for which any alphanumeric characters can beset, are used as information for identifying a pseudo-access point.

A radio wave information table 330 is the data table of the radio waveinformation database 232 held by the terminals 120 a, 120 b, 120 c, and120 d. Terminal identification information 332, radio intensity 334derived from radio waves detected by the terminals 120 a, 120 b, 120 c,and 120 d, and protocol information 336 are registered in the radio waveinformation table 330 in an associated manner.

The terminal identification information 332 is terminal identificationinformation derived from radio waves transmitted by the authorizedaccess point 114 such as a router apparatus having a wirelesscommunications function, the terminals 120 a, 120 b, 120 c, and 120 d,and the unauthorized access point 140. In this embodiment, the MACaddresses of these access points are used as terminal identificationinformation 332.

The radio intensity 334 is the intensity of radio waves transmitted byan access point and represents the degree of actual radio intensityrelative to the maximum radio intensity that the terminals 120 a, 120 b,120 c, and 120 d can detect. While radio intensity is represented by apercentage in this embodiment, it may be represented by other numericvalues (e.g., 0≦radio intensity≦1, etc.) in other embodiments.

The protocol information 336 is information on a communication protocolused by an access point. The protocol information 336 includesinformation for identifying an access point and information indicatingthe type of a communication protocol used by the access point. Anexample shown in FIG. 3 shows that an SSID is used as information foridentifying an access point and that an access point to which “IBM3” isset as an SSID is using a channel “1” of the communication protocol“IEEE802.11g.” This example also shows that an access point to which“BAD” is set as an SSID is using the channel “6” of the communicationprotocol “IEEE802.11g.”

A terminal information table 340 is the data table of the terminalinformation database 212 held by the monitoring server 110. Themonitoring server 110 derives terminal information by referring to theaddress range information database 214 and the authorized access pointinformation database 216 and using radio wave information received fromthe terminals 120 a, 120 b, 120 c, and 120 d. Such terminal informationis registered in the terminal information table 340. Terminal name andthe terminal identification information 342, position information 344,radio wave information 346, and radio wave information measurement time348 are registered in the terminal information table 340 in anassociated manner.

The terminal name and terminal identification information 342 are thename of a terminal that has transmitted radio wave information, andinformation for identifying the terminal. The information foridentifying the terminal is added to the radio wave information asmetadata. The terminal name is a terminal name corresponding to theinformation for identifying the terminal, and the monitoring server 110determines it by referring to the authorized access point informationdatabase 216.

The position information 344 is information indicating the positionwhere the terminal indicated by the terminal name and the terminalidentification information 342 is connected to the network 130. Themonitoring server 110 determines the position information 344 byreferring to the address range information database 214 and using the IPaddress of the terminal, which the metadata of the radio waveinformation.

The radio wave information 346 is radio wave information transmitted bya terminal indicated by the terminal name and terminal identificationinformation 342. Terminal identification information of an access pointwhich has transmitted radio waves detected by the terminal that hastransmitted the radio wave information, radio intensity, and protocolinformation are registered in the radio wave information 346. The radiowave information measurement time 348 is the time when the monitoringserver 110 receives the radio wave information.

The pseudo-access point information table 350 is the data table of thepseudo-access point information database 218 held by the monitoringserver 110. Terminal name and terminal identification information 352 ofa terminal designated as a pseudo-access point, and position information354 of the terminal are registered in the pseudo-access pointinformation table 350 in an associated manner.

FIG. 4 is a flowchart showing an example of a process performed by theterminal according to the embodiment shown in FIG. 1. Referring now toFIG. 4, a process performed by the terminal 120 a will be described.

The process of FIG. 4 starts from step S400. In step S401, the radiowave information acquisition unit 222 of the software agent 220 of theterminal 120 a determines whether it has detected radio waves from anadjacent access point. If it has not detected radio waves (NO), itrepeats the process of step S401. In contrast, if it has determinedradio waves (YES), it proceeds to step S402.

In step S402, the radio wave information acquisition unit 222 storesradio wave information included in the detected radio waves in the radiowave information database 232. In step S403, the radio wave informationtransmission unit 224 transmits the radio wave information stored in theradio wave information database 232 to the monitoring server 110.

In step S404, the software agent 220 determines whether standby time haselapsed. If the standby time has not elapsed (NO), it repeats theprocess of step S404. In contrast, if the standby time has elapsed(YES), it returns to step S401 and performs the above-mentioned processagain. In this embodiment, any time can be set as the standby time.

FIG. 5 is a flowchart showing an example of a process performed by themonitoring server according to the embodiment shown in FIG. 1. Referringnow to FIG. 5, the process performed by the monitoring server 110 willbe described.

The process of FIG. 5 starts from step S500 where the monitoring server110 receives radio wave information from the terminals 120 a, 120 b, 120c, and 120 d. In step S501, the terminal information registration unit202 of the access point monitoring unit 200 refers to the address rangeinformation database 214 and the authorized access point informationdatabase 216, derives terminal information using the received radio waveinformation and metadata thereof, and registers the terminal informationin the terminal information database 212.

In step S502, the unauthorized access point detection unit 204 refers tothe terminal information database 212 and the authorized access pointinformation database 216 and determines whether radio wave informationregistered in the terminal information database 212 includes informationfor identifying an unauthorized access point. Thus, it determineswhether there is an unauthorized access point. If there is nounauthorized access point (NO), the process proceeds to step S505 andends. In contrast, if there is an unauthorized access point (YES), theprocess proceeds to step S503.

In step S503, the pseudo-access point designation unit 206 designates aterminal as a pseudo-access point. In step S504, the radio wavetransmission instruction unit 208 transmits a radio wave transmissioninstruction to the terminal designated as a pseudo-access point in stepS503. The process ends in step S505.

FIG. 6 is a flowchart showing an example of the process of step S503shown in FIG. 5.

The process shown in FIG. 6 starts from step S600. In step S601, thepseudo-access point designation unit 206 refers to the terminalinformation database 212 and sorts terminal information in thedescending order of the radio intensity of an unauthorized access point.In step S602, the pseudo-access point designation unit 206 designates,as a pseudo-access point, a terminal that has received radio waveshaving intensity not less than predetermined radio intensity from theunauthorized access point. The process then ends in step S603. In thisembodiment, any level of radio intensity which is suitable for blockingwireless communications performed by an unauthorized access point can beset as predetermined radio intensity.

FIG. 7 is a flowchart showing another example of the process of stepS503 shown in FIG. 5.

The process shown in FIG. 7 starts from step S700. In step S701, thepseudo-access point designation unit 206 refers to the terminalinformation database 212 and sorts terminal information in thedescending order of the radio intensity of an unauthorized access point.In step S702, the pseudo-access point designation unit 206 designates,as a pseudo-access point, a terminal that has received radio waveshaving the highest intensity from the unauthorized access point. Theprocess then ends in step S703.

FIG. 8 is a flowchart showing yet another example of the process of stepS503 shown in FIG. 5. In this example, the monitoring server 110includes a traffic monitoring unit for monitoring traffic on the network130 and acquires traffic information including the amounts of trafficgenerated by the terminals 120 a, 120 b, 120 c, and 120 d andinformation for identifying the terminals.

The process shown in FIG. 8 starts from step S800. In step S801, thepseudo-access point designation unit 206 refers to the terminalinformation database 212 and sorts terminal information in thedescending order of the radio intensity of an unauthorized access point.In step S802, the traffic monitoring unit monitors traffic on thenetwork 130 and acquires traffic information. In step S803, thepseudo-access point designation unit 206 designates, as a pseudo-accesspoint, a terminal that has received radio waves having intensity notless than predetermined radio intensity from the unauthorized accesspoint and that has not generated traffic on the network. The processthen ends in step S804. In this embodiment, any level of radio intensitywhich is suitable for blocking wireless communications performed by anunauthorized access point can be set as predetermined radio intensity.

In this example, a terminal which has not generated traffic on thenetwork 130 is selectively designated as a pseudo-access point. Thus, aterminal which is not connected to the network by wire but is performingwireless LAN communications is prevented from being designated as apseudo-access point. As a result, without blocking wirelesscommunications performed by that terminal, those performed by anunauthorized access point can be blocked.

While the embodiment has been described, the present invention is notlimited thereto. Changes, including a change to or deletion of anyfunction means of the embodiment and addition of another function means,can be made thereto without departing from the scope conceivable forthose skilled in the art. Any embodiment will fall within the scope ofthe present invention as long as the embodiment has functions andadvantages of the invention.

REFERENCE SIGNS LIST

100: monitoring system

110: monitoring server

112 a, 112 b: hub

114: access point

120 a, 120 b, 120 c, 120 d: terminal

130: network

140: access point

1. A monitoring system comprising: a monitoring server that monitors anunauthorized access point; and a plurality of terminals connected to themonitoring server via a network, wherein each of the terminalscomprises: a radio wave information acquisition unit that acquires radiowave information from radio waves transmitted by an access point; aradio wave information transmission unit that transmits the radio waveinformation to the monitoring server; and a radio wave transmission unitthat transmits radio waves in accordance with an instruction from themonitoring server, and wherein the monitoring server comprises: aterminal information registration unit that registers terminalinformation in a database, the terminal information including the radiowave information received from the terminals; an unauthorized accesspoint detection unit that detects an unauthorized access point using theterminal information; a pseudo-access point designation unit thatdesignates a terminal as a pseudo-access point using intensity of radiowaves transmitted by the unauthorized access point; and a radio wavetransmission instruction unit that instructs the terminal designated asthe pseudo-access point to transmit radio waves.
 2. The monitoringsystem according to claim 1, wherein the pseudo-access point designationunit designates, as the pseudo-access point, a terminal that hasreceived radio waves having intensity not less than predeterminedintensity from the unauthorized access point.
 3. The monitoring systemaccording to claim 1, wherein the pseudo-access point designation unitdesignates, as the pseudo-access point, a terminal that has receivedradio waves having a highest intensity from the unauthorized accesspoint.
 4. The monitoring system according to claim 1, wherein themonitoring server further comprises a traffic monitoring unit thatmonitors traffic on the network, wherein the pseudo-access pointdesignation unit designates, as the pseudo-access point, a terminal thathas received radio waves having intensity not less than predeterminedintensity from the unauthorized access point and that has not generatedtraffic on the network.
 5. A monitoring server for monitoring anunauthorized access point, comprising: a terminal informationregistration unit that registers terminal information in a database, theterminal information including radio wave information received from aplurality of terminals, the terminals being connected to the monitoringserver via a network; an unauthorized access point detection unit thatdetects an unauthorized access point using the terminal information; apseudo-access point designation unit that designates a terminal as apseudo-access point using intensity of radio waves transmitted by theunauthorized access point; and a radio wave transmission instructionunit that instructs the terminal designated as the pseudo-access pointto transmit radio waves.
 6. The monitoring server according to claim 5,wherein the pseudo-access point designation unit designates, as thepseudo-access point, a terminal that has received radio waves havingintensity not less than predetermined intensity from the unauthorizedaccess point.
 7. The monitoring server according to claim 5, wherein thepseudo-access point designation unit designates, as the pseudo-accesspoint, a terminal that has received radio waves having a highestintensity from the unauthorized access point.
 8. The monitoring serveraccording to claim 5, further comprising: a traffic monitoring unit thatmonitors traffic on the network, wherein the pseudo-access pointdesignation unit designates, as the pseudo-access point, a terminal thathas received radio waves having intensity not less than predeterminedintensity from the unauthorized access point and that has not generatedtraffic on the network.
 9. A method performed by a monitoring server formonitoring an unauthorized access point, the method comprising the stepsof: registering terminal information in a database, the terminalinformation including radio wave information received from a pluralityof terminals, the terminals being connected to the monitoring server viaa network; detecting an unauthorized access point using the terminalinformation; designating a terminal as a pseudo-access point usingintensity of radio waves transmitted by the unauthorized access point;and instructing the terminal designated as the pseudo-access point totransmit radio waves.
 10. The method according to claim 9, wherein thestep of designating the terminal as the pseudo-access point comprises astep of designating a terminal, as the pseudo-access point, a terminalthat has received radio waves having intensity not less thanpredetermined intensity from the unauthorized access point.
 11. Themethod according to claim 9, wherein the step of designating theterminal as the pseudo-access point comprises a step of designating, asthe pseudo-access point, a terminal that has received radio waves havinga highest intensity from the unauthorized access point.
 12. The methodaccording to claim 9, further comprising: monitoring traffic on thenetwork, wherein the step of designating the terminal as thepseudo-access point comprises a step of designating, as thepseudo-access point, a terminal that has received radio waves havingintensity not less than predetermined intensity from the unauthorizedaccess point and that has not generated traffic on the network.
 13. Anapparatus-executable program for causing a monitoring server to monitorfor an unauthorized access point according to the method of claim 9 whenthe program is executed by the monitoring server.
 14. A monitoringserver for monitoring an unauthorized access point, comprising: aterminal information registration unit that registers terminalinformation in a database, the terminal information including radio waveinformation received from a terminal; an unauthorized access pointdetection unit that detects an unauthorized access point using theterminal information; a pseudo-access point designation unit thatdesignates a terminal as a pseudo-access point using intensity of radiowaves transmitted by the unauthorized access point; a radio wavetransmission instruction unit that instruct the terminal designated asthe pseudo-access point to transmit radio waves; and a trafficmonitoring unit that monitors traffic on a network, wherein thepseudo-access point designation unit designates, as the pseudo-accesspoint, a terminal that has received radio waves having intensity notless than predetermined intensity from the unauthorized access point,designates, as the pseudo-access point, a terminal that has receivedradio waves having a highest intensity from the unauthorized accesspoint, or designates, as the pseudo-access point, a terminal that hasreceived radio waves having intensity not less than predeterminedintensity from the unauthorized access point and that has not generatedtraffic on the network.